feat: admin ui for disabling users (#1547)

2025-11-17 10:11:35 +10:00 · 2024-12-30 05:45:33 +02:00
parent ee6efc4cca
commit df33fbf91b
10 changed files with 451 additions and 13 deletions
--- a/packages/api/v1/middleware/authenticated.ts
+++ b/packages/api/v1/middleware/authenticated.ts
@ -1,5 +1,6 @@
 import type { NextApiRequest } from 'next';

+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { getApiTokenByToken } from '@documenso/lib/server-only/public-api/get-api-token-by-token';
 import type { Team, User } from '@documenso/prisma/client';

@ -22,18 +23,33 @@ export const authenticatedMiddleware = <
      const [token] = (authorization || '').split('Bearer ').filter((s) => s.length > 0);

      if (!token) {
-        throw new Error('Token was not provided for authenticated middleware');
+        throw new AppError(AppErrorCode.UNAUTHORIZED, {
+          message: 'API token was not provided',
+        });
      }

      const apiToken = await getApiTokenByToken({ token });

+      if (apiToken.user.disabled) {
+        throw new AppError(AppErrorCode.UNAUTHORIZED, {
+          message: 'User is disabled',
+        });
+      }
+
      return await handler(args, apiToken.user, apiToken.team);
-    } catch (_err) {
-      console.log({ _err });
+    } catch (err) {
+      console.log({ err: err });
+
+      let message = 'Unauthorized';
+
+      if (err instanceof AppError) {
+        message = err.message;
+      }
+
      return {
        status: 401,
        body: {
-          message: 'Unauthorized',
+          message,
        },
      } as const;
    }
--- a/packages/lib/next-auth/get-server-component-session.ts
+++ b/packages/lib/next-auth/get-server-component-session.ts
@ -21,6 +21,10 @@ export const getServerComponentSession = cache(async () => {
    },
  });

+  if (user.disabled) {
+    return { user: null, session: null };
+  }
+
  return { user, session };
 });

--- a/packages/lib/server-only/user/disable-user.ts
+++ b/packages/lib/server-only/user/disable-user.ts
@ -0,0 +1,69 @@
+import { AppError } from '@documenso/lib/errors/app-error';
+import { prisma } from '@documenso/prisma';
+
+export type DisableUserOptions = {
+  id: number;
+};
+
+export const disableUser = async ({ id }: DisableUserOptions) => {
+  const user = await prisma.user.findFirst({
+    where: {
+      id,
+    },
+    include: {
+      ApiToken: true,
+      Webhooks: true,
+      passkeys: true,
+      VerificationToken: true,
+      PasswordResetToken: true,
+    },
+  });
+
+  if (!user) {
+    throw new AppError('There was an error disabling the user');
+  }
+
+  try {
+    await prisma.$transaction(async (tx) => {
+      await tx.user.update({
+        where: { id },
+        data: { disabled: true },
+      });
+
+      await tx.apiToken.updateMany({
+        where: { userId: id },
+        data: {
+          expires: new Date(),
+        },
+      });
+
+      await tx.webhook.updateMany({
+        where: { userId: id },
+        data: {
+          enabled: false,
+        },
+      });
+
+      await tx.verificationToken.updateMany({
+        where: { userId: id },
+        data: {
+          expires: new Date(),
+        },
+      });
+
+      await tx.passwordResetToken.updateMany({
+        where: { userId: id },
+        data: {
+          expiry: new Date(),
+        },
+      });
+
+      await tx.passkey.deleteMany({
+        where: { userId: id },
+      });
+    });
+  } catch (error) {
+    console.error('Error disabling user', error);
+    throw error;
+  }
+};
--- a/packages/lib/server-only/user/enable-user.ts
+++ b/packages/lib/server-only/user/enable-user.ts
@ -0,0 +1,27 @@
+import { AppError } from '@documenso/lib/errors/app-error';
+import { prisma } from '@documenso/prisma';
+
+export type EnableUserOptions = {
+  id: number;
+};
+
+export const enableUser = async ({ id }: EnableUserOptions) => {
+  const user = await prisma.user.findFirst({
+    where: {
+      id,
+    },
+  });
+
+  if (!user) {
+    throw new AppError('There was an error enabling the user');
+  }
+
+  await prisma.user.update({
+    where: {
+      id,
+    },
+    data: {
+      disabled: false,
+    },
+  });
+};
--- a/packages/trpc/server/admin-router/router.ts
+++ b/packages/trpc/server/admin-router/router.ts
@ -1,3 +1,4 @@
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { findDocuments } from '@documenso/lib/server-only/admin/get-all-documents';
 import { getEntireDocument } from '@documenso/lib/server-only/admin/get-entire-document';
 import { updateRecipient } from '@documenso/lib/server-only/admin/update-recipient';
@ -7,6 +8,8 @@ import { sendDeleteEmail } from '@documenso/lib/server-only/document/send-delete
 import { superDeleteDocument } from '@documenso/lib/server-only/document/super-delete-document';
 import { upsertSiteSetting } from '@documenso/lib/server-only/site-settings/upsert-site-setting';
 import { deleteUser } from '@documenso/lib/server-only/user/delete-user';
+import { disableUser } from '@documenso/lib/server-only/user/disable-user';
+import { enableUser } from '@documenso/lib/server-only/user/enable-user';
 import { getUserById } from '@documenso/lib/server-only/user/get-user-by-id';
 import { extractNextApiRequestMetadata } from '@documenso/lib/universal/extract-request-metadata';
 import { DocumentStatus } from '@documenso/prisma/client';
@ -15,6 +18,8 @@ import { adminProcedure, router } from '../trpc';
 import {
  ZAdminDeleteDocumentMutationSchema,
  ZAdminDeleteUserMutationSchema,
+  ZAdminDisableUserMutationSchema,
+  ZAdminEnableUserMutationSchema,
  ZAdminFindDocumentsQuerySchema,
  ZAdminResealDocumentMutationSchema,
  ZAdminUpdateProfileMutationSchema,
@ -70,13 +75,43 @@ export const adminRouter = router({
      return await sealDocument({ documentId: id, isResealing });
    }),

+  enableUser: adminProcedure.input(ZAdminEnableUserMutationSchema).mutation(async ({ input }) => {
+    const { id } = input;
+
+    const user = await getUserById({ id }).catch(() => null);
+
+    if (!user) {
+      throw new AppError(AppErrorCode.NOT_FOUND, {
+        message: 'User not found',
+      });
+    }
+
+    return await enableUser({ id });
+  }),
+
+  disableUser: adminProcedure.input(ZAdminDisableUserMutationSchema).mutation(async ({ input }) => {
+    const { id } = input;
+
+    const user = await getUserById({ id }).catch(() => null);
+
+    if (!user) {
+      throw new AppError(AppErrorCode.NOT_FOUND, {
+        message: 'User not found',
+      });
+    }
+
+    return await disableUser({ id });
+  }),
+
  deleteUser: adminProcedure.input(ZAdminDeleteUserMutationSchema).mutation(async ({ input }) => {
-    const { id, email } = input;
+    const { id } = input;

-    const user = await getUserById({ id });
+    const user = await getUserById({ id }).catch(() => null);

-    if (user.email !== email) {
-      throw new Error('Email does not match');
+    if (!user) {
+      throw new AppError(AppErrorCode.NOT_FOUND, {
+        message: 'User not found',
+      });
    }

    return await deleteUser({ id });
--- a/packages/trpc/server/admin-router/schema.ts
+++ b/packages/trpc/server/admin-router/schema.ts
@ -43,11 +43,22 @@ export type TAdminResealDocumentMutationSchema = z.infer<typeof ZAdminResealDocu

 export const ZAdminDeleteUserMutationSchema = z.object({
  id: z.number().min(1),
-  email: z.string().email(),
 });

 export type TAdminDeleteUserMutationSchema = z.infer<typeof ZAdminDeleteUserMutationSchema>;

+export const ZAdminEnableUserMutationSchema = z.object({
+  id: z.number().min(1),
+});
+
+export type TAdminEnableUserMutationSchema = z.infer<typeof ZAdminEnableUserMutationSchema>;
+
+export const ZAdminDisableUserMutationSchema = z.object({
+  id: z.number().min(1),
+});
+
+export type TAdminDisableUserMutationSchema = z.infer<typeof ZAdminDisableUserMutationSchema>;
+
 export const ZAdminDeleteDocumentMutationSchema = z.object({
  id: z.number().min(1),
  reason: z.string(),